Apparatus and method for storing data

ABSTRACT

A method and apparatus for storing data comprising an original identity(OID) and associated descriptive information(DI) are disclosed. By means of a first algorithm(ALG1), the original identity(OID) is encrypted to an update identity(UID) which, by means of a reversible algorithm(ALG2), is encrypted to a storage identity(SID) which is stored as a record(P) on a storage medium along with associated descriptive information(DI). At the times when storage identities(SID) of selected records(P) are to be replaced with new storage identities(SID&#39;), the storage identities(SID) are decrypted in order to recreate the corresponding update identities(UID), which then are encrypted, by means of a new altered reversible algorithm(ALG2&#39;), to new storage identities(SID&#39;) intended to replace the previous storage identities (SID).

This invention relates to an apparatus and a method for storing data,more specifically data comprising identifying information, such aspersonal code numbers, as well as associated descriptive information.

In computer-aided information management, it is imperative that theindividual's personal integrity be protected against violation whensetting up and keeping personal registers, i.e. registers containinginformation on individuals. Also in industry, banking and defence, aswell as many other sectors where computer-aided information managementis used, it is essential that stored data be protected againstunauthorised access. In particular, there are regulations restricting orprohibiting the linking and matching of personal registers, since thisoften results in one or more new personal registers containing sensitiveinformation that can be directly linked to individuals.

There is, however, a great need of being able to link and matchdifferent personal registers without posing a threat to the personalintegrity of the individual.

Within this technical field, there are different cryptographic storagemethods in which, for security reasons, the information to be stored isfirst encrypted and then stored on a storage medium. However, theseprior-art encrypting methods are often sensitive to tracking, sinceevery registration in or update of a database involves an alterationwhich, by means of tracking tools, can be linked to the correspondingnon-encrypted original information bearing a one-to-one relation to theencrypted information. After a number of trackings, all the encryptedinformation can be converted to plain text.

This invention aims at solving the above problem of the prior art and tothis end provides an apparatus as set forth in appended claim 1, as wellas a method as set forth in appended claim 7.

According to the invention, the information to be stored comprises anoriginal identity OID and associated descriptive information DI.Examples of the original identity are personal code number, drawingnumber, document identity, and registration number for vehicles. Theassociated descriptive information is such information as does notreveal the original identity, i.e. that cannot be linked directlythereto. A distinctive feature of the invention is that the originalidentity OID is completely separated from the descriptive informationDI, which is achieved by initially having the original identity OIDundergo a first encryption by means of a first algorithm ALG1, resultingin an update identity UID. Then, the update identity UID undergoes asecond encryption by means of a reversible algorithm ALG2, resulting ina storage identity SID. The thus-created storage identity SID is, alongwith associated descriptive information DI, stored as a record on astorage medium. Thus, the original identity is completely separated fromthe associated descriptive information. If the original identityconsists of a personal code number or the like, the resulting recordsmay be regarded as pure information records in contrast to personalrecords.

In order to prevent the descriptive information DI from ever beingrelinked to the original identity OID, the first algorithm ALG1preferably is a non-reversible algorithm, i.e. an algorithm giving eachoriginal identity a unique update identity and providing a great numberof identities when decrypting efforts are made.

Furthermore, the invention is distinguished by the fact that theoriginal identity OID is encrypted in two separate steps when generatingthe storage identity SID, and that the second encrypting step isperformed by means of a reversible algorithm ALG2. These distinctivefeatures of the invention enable the creation of "floating" storageidentities of the records in order to prevent all unauthorised tracking.According to the invention, the storage identities SID of selectedrecords, preferably all the records, stored on the storage medium are,at certain times, replaced with new storage identities SID'. As aresult, the information obtained by tracking, if any, is perfectlyuseless as soon as the storage identities according to the inventionhave been replaced with new ones. The storage identities SID of thestored records are, according to the invention, altered by firstdecrypting the storage identities SID of the selected records by meansof a third algorithm ALG3, recreating the corresponding updateidentities UID. It will be appreciated that the third algorithm ALG3 fordecryption is directly related to the reversible algorithm ALG2 which,at a previous time, was used for creating the storage identities SIDfrom the update identities UID. Then, the reversible algorithm ALG2 isaltered to a new reversible algorithm ALG2', whereupon the recreatedupdate identities UID are encrypted to new storage identities SID' bymeans of the altered, new reversible algorithm ALG2'.

The times when the storage identities are replaced with new ones may becontrolled completely at random, occur at set intervals, depend on thenumber of updates, and so forth.

In a preferred embodiment of the invention, the selected records are,when given new storage identities, also moved to new physical locationson the storage medium. In combination with "floating" storageidentities, this effectively prevents all attempts at unauthorisedtracking.

The invention enables efficient retrieval of stored data for operativeas well as strategic purposes, as well as so-called longitudinal updateof strategic data.

When retrieving data for operative purposes, the descriptive informationstored for a given original identity is retrieved for reading, update,alteration, printout, and so forth. According to the invention, this ispossible by first encrypting such a given original identity to a storageidentity in two steps by means of the above two algorithms. All storedrecords containing the thus-obtained storage identity can be expedientlylocated and the corresponding descriptive information be retrieved. Inparticular, such retrieval of operative data associated with a givenoriginal identity does not require any decryption of the correspondingstorage identity, nor any storage of the given original identity, whichprevents all unwanted linking between the original identity and theassociated descriptive information.

In order to retrieve data for strategic purposes, the storage identitycan be put to effective use when putting together data that have thesame storage identity. Retrieving data for strategic purposes differsfrom retrieving data for operative purposes in that one does not wish orneed to know to which original identity a certain item of descriptiveinformation belongs, but one nevertheless has to be absolutely certainthat all the descriptive information retrieved belongs to the sameoriginal identity. Obviously, this is of great importance when, and thisis a case of particular interest, the original identity corresponds to aspecific individual, since the invention makes it possible to puttogether, for strategic purposes, descriptive information relating todifferent individuals, without any risk of their identities beingrevealed. It is to be understood that the invention enables so-calledlongitudinal update of strategic information, which among other thingsmeans that a given individual is observed for some time and that, atdifferent times, new descriptive information is stored in such a mannerthat it can be linked to information previously stored for the sameindividual, without there being any risk of revealing the identity ofthe individual.

It should be emphasised that the storage of new descriptive informationassociated with a certain original identity does not necessarily requirethe creation of a new record containing the storage identity and thedescriptive information. The new descriptive information may instead bestored in an existing record whose storage identity corresponds to theoriginal identity at issue.

These and other distinctive features, properties and advantages of theinvention are stated in the appended claims and also appear from thefollowing description of one mode of implementation of the invention. Inthe drawings,

FIG. 1 is a block diagram illustrating how the invention can beimplemented in a computer system,

FIG. 2 illustrates different encrypting steps used when storinginformation in accordance with the invention, and

FIG. 3 illustrates encrypting and decrypting steps used when alteringthe storage identities in accordance with the invention.

Reference is now made to FIG. 1, which illustrates a computer systemcomprising an authorisation check system ACS, which may be of any knowntype; a number of user tools or applications, of which one is designatedAPPL 1; a database manager DBM; a database 10, which here includes apublic register 20 for storing public information, an operative register30 for storing operative data, and a strategic register 40 for storingstrategic data; a hardware component 50; and a program module 60. Theinvention is chiefly implemented in the hardware component 50 and theprogram module 60.

The hardware component 50 has an encapsulation that renders ittamper-proof in order to prevent monitoring by tracking tools orcompilation. The hardware component 50 acts as a distributed processor,which in particular has the functions of

creating reversible and non-reversible encrypting algorithms,

supplying randomly-produced variables for encrypting and decryptingalgorithms,

initiating, e.g. at times chosen at random, an alteration of the storageidentities of stored records,

storing the encrypting and decrypting algorithms last used,

storing information on user authorisations, if several users are to beauthorised to have access to an operative record, and

linking an original identity (e.g. a personal code number) to the rightrecord in a database.

Thus, the hardware component 50 may comprise a microprocessor, amicrocode-programmed PROM storage, required I/O units, encrypting anddecrypting units, and storage units for storing information on thealgorithms employed as well as the user authorisations. The constructionof the hardware component 50 may vary with different applications and iseasily implemented by those skilled in the art with the aid of thepresent description, for which reason the construction of this componentwill not be described in more detail here.

The program module 60 primarily serves to handle the dialogue betweenthe hardware component 50 and the user application at issue. The programmodule 60 also handles the dialogue between the hardware component 50and the authorisation check system ACS, and the sorting out or removalof stored data, events log, and so forth. The program module 60 may alsotransfer records from operative registers to strategic registers whenrecords are being sorted out from the former.

In the following description of the system of FIG. 1, the designationsgiven below will be used for describing the encrypting and decryptingalgorithms employed. Generally speaking, the encrypting and decryptingalgorithms can be described as follows:

    F.sub.Type (Random number, Input data)=Results

wherein

F designates a function,

Type indicates the type of function. (In this embodiment, the followingtypes are used:

F_(KIR) =Non-reversible encrypting algorithm

F_(KR) =Reversible encrypting algorithm

F_(DKR) =Decrypting algorithm),

Random number represents one or more constants and/or variables includedin the function F,

Input data are the data to be encrypted or decrypted, and

Results indicate a unique function value for a given function.

The process for storing information in the database will now bedescribed with reference to FIGS. 1 and 2 in conjunction. It is acondition that the information to be stored can be divided intoidentifying information and associated descriptive information. Thefollowing information on a specific individual is given as an example.##STR1##

In the first step of the process, the information is divided intoidentifying information and descriptive information.

In a second step (illustrated in FIG. 2), the identifying information(PCN, NAME, ADDRESS) is stored in the public register 20, optionally inthe form of plain text, since this information is of the type that isgenerally accessible.

In a third step, an original identity OID is selected from theidentifying information. In this example, OID=personal code number PCN.The original identity OID is encrypted by means of a non-reversiblealgorithm ALG1, which is produced at random by the hardware component50. This non-reversible encryption results in an update identity UID asfollows:

    ALG1: F.sub.KIR (Random number, OID)=UID

The encrypting algorithm ALG1 is such that attempts at decryption of theupdate identity UID to the original identity OID results in a greatnumber of identities, which makes it impossible to link a specific UIDto the corresponding OID.

In a fourth step, the update identity UID is encrypted by means of areversible algorithm ALG2, which also is produced at random by thehardware component 50. This reversible encryption results in a storageidentity SID as follows:

    ALG2: F.sub.KR (Random number, UID)=SID

The encrypting algorithm ALG2 is such that there exists a correspondingdecrypting algorithm ALG3 by means of which the storage identity SID canbe decrypted in order to recreate the update identity UID.

In a fifth step, the obtained storage identity SID is stored along withthe descriptive information DI as an information record P on the storagemedium, which is designated M in FIG. 2. In this example, the record Pis stored in the operative database 30 as well as in the strategicdatabase 40.

Preferably, all alterations in the databases are performed in randomlytime-controlled batches, such that every alteration in one registernormally involves simultaneous alteration or addition of a plurality ofrecords, which is intended to prevent tracking. To this end, data can bestored temporarily in a buffer store, optionally in encrypted form.

As appears from the foregoing, a stored information record P has thefollowing general appearance: ##STR2##

Since the original identity OID is encrypted in two steps, of which thefirst is non-reversible and the second is reversible, it is possible tostore the descriptive information DI along with a storage identity SIDthat never can be linked to the original identity OID, as well as tocreate "floating" (i.e. which change over time) storage identities SIDwhile retaining the possibility of locating, for a specific originalidentity OID, the associated descriptive information DI stored.

The process for creating "floating" storage identities will now bedescribed in more detail with reference to FIG. 3.

As mentioned above, the storage identities SID are changed over time inorder to prevent, or at least make much more difficult, all attempts attracking, i.e. unauthorised attempts at locating, when a register isupdated, where and in which form given original information is stored onthe storage medium.

The times when the storage identities SID are to be replaced with newstorage identities SID' can be controlled at random by the hardwarecomponent 50. Alternatively, these times can be controlled by otherfactors, such as the number of alterations in or updates of thedatabase.

At every time, one decrypts the storage identities SID of all therecords P whose storage identities are to "float" or be altered. Thehardware component 50 has an internal storage, in which is storedinformation on the reversible algorithm ALG2 last used, which makes itpossible, at each time, to produce in the hardware component 50 acorresponding decrypting algorithm ALG3, by means of which the storageidentities SID can be decrypted in order to recreate the correspondingupdate identities UID.

    ALG3: F.sub.DKR (Random number, SID)=UID

Thus, the following relationship applies:

    F.sub.DKR (Random number, F.sub.KR (Random number, UID))=UID

Thereafter, the hardware component 50 produces, by means of new randomnumbers (Random numbers') a new and altered reversible algorithm ALG2',by means of which the recreated update identities UID are reversiblyencrypted to new and altered storage identifies SID' to be stored alongwith the associated descriptive information in the selected records.

    ALG2': F.sub.KR (Random number', UID)=SID'

As described in the foregoing in connection with general storage ofinformation, the alteration of the storage identities on the storagemedium preferably takes place in a batch.

When the storage identities SID of the records P are thus to be replacedwith the new storage identities (SID'), one may, as a further matter ofprecaution, move the records P to new physical locations on the storagemedium.

In a preferred embodiment of the invention, such an alteration of thestorage identities is produced every time the content of the databasesis to be altered or updated.

Operative data is retrieved from the operative register 30 in FIG. 1 inthe following manner. To begin with, the user inputs the currentoriginal identity OID, i.e. PCN, to the program application APPL 1 alongwith a statement concerning the requested information. APPL 1 stores thePCN and the statement on the requested information, i.e. the statementon the register or database where the information is to be searched for,and then transmits the PCN and the database statement to the databasemanager DBM which is to retrieve the requested information. The databasemanager notes that the records of the current database are protected bythe inventive system, and therefore transmits the PCN along with thedatabase name to the program module 60 and the hardware component 50.The database name indicated is used for producing, from tabularinformation stored in the hardware component 50, correct algorithms ALG1and ALG2 by means of which the PCN is converted via the update identityUID to the storage identity SID. The thus-produced storage identity SIDis transmitted to the database manager DBM, which then searches in thedatabase at issue (here the operative register 30) for descriptiveinformation DI whose storage identities correspond to the storageidentity SID produced. The database manager DBM returns the descriptiveinformation DI to the application APPL 1, which links the thus-produceddescriptive information DI to the personal code number PCN. It shouldhere be emphasised that the personal code number is stored in APPL 1only, i.e. in the working storage of the computer, and the identity ofthe individual thus remains perfectly safe.

Data are retrieved from the strategic database 40 without resorting tothe use of any original identity OID. The search is based directly onthe descriptive information, and since descriptive informationassociated with one and the same individual is stored along with thesame storage identity SID, all descriptive information associated with asingle individual is easily put together without in any way threateningthe anonymity of the individual.

Different encrypting algorithms can be used in the operative register 30and the strategic register 40. However, the non-reversible algorithmALG1 may be the same. Furthermore, it will be appreciated that thetabular algorithm information stored in the hardware component 50 maycomprise many more registers than are shown in FIG. 1.

The inventive embodiment described above can be modified in many wayswithin the scope of the invention as defined in the appended claims. Theterm "encryption" is meant to encompass the term "hashing" throughout.

In one modification of the inventive method that is of particularinterest, each information record P in the operative database 30 issupplemented with a user identity UI as follows. ##STR3## Thus, itbecomes possible to link records to individual users in the operativedatabase. When a user attempts at retrieving the information in arecord, it is checked whether he is authorised to have access to therecord in question. In particular, it becomes possible for differentusers to store descriptive information about one and the same individualwithout enabling unauthorised users to gain access to the informationstored. The user identity UI in stored records can be changed withoutaffecting the storage identity SID or the descriptive information DI. Ifa user is to have access to records containing other user identities UIthan his own, the hardware component 50 can be supplemented with a tablecontaining stored information that controls such authorisation.

Another conceivable modification of the embodiment described providesthe possibility of using a reversible algorithm in the first encryptingstep ALG1, which does not, however, involve the same degree of securityas the use of a non-reversible algorithm.

Finally, it should be mentioned that, if need be, also the descriptiveinformation can be encrypted before storage by means of a reversiblealgorithm in order to enhance security even further.

I claim:
 1. An apparatus for storing data comprising an originalidentity (OID) and associated descriptive information (DI),characterised bya first encrypting means (50) which is arranged, bymeans of a first algorithm (ALG1), to encrypt the original identity(OID) to an update identity (UID), a second encrypting means (50) whichis arranged, by means of a reversible algorithm (ALG2), to encrypt theupdate identity (UID) to a storage identity (SID), which is to be storedalong with associated descriptive information (DI) as a record (P) on astorage medium (30, 40), and a decrypting means (50) which is arranged,at times when the storage identities (SID) of selected stored records(P) are to be replaced with new storage identities (SID'), to decryptthese storage identities (SID) in order to recreate the correspondingupdate identities (UID), the second encrypting means (50) beingarranged, at said times and by means of an altered reversible algorithm(ALG2'), to encrypt the recreated update identities (UID) to new storageidentities (SID'), which are to replace the previous storage identities(SID).
 2. An apparatus as set forth in claim 1, characterised by a meansarranged to randomly establish said times when the storage identities(SID) of the selected records (P) are to be replaced with new storageidentities (SID').
 3. An apparatus as set forth in claim 1,characterised by the first algorithm (ALG1) for creating the updateidentity (UID) being a non-reversible algorithm.
 4. An apparatus as setforth in claim 1, characterised by the first and the second encryptingmeans and the decrypting means being implemented as a hardware component(50).
 5. An apparatus as set forth in claim 4, characterised by thehardware component (50) comprising a processor of its own, which isadapted to act as a distributed processor in a computer.
 6. An apparatusas set forth in claim 4, characterised by the hardware component (50)being adapted to create variable algorithms and comprising a means forstoring the algorithms last created.
 7. An apparatus as set forth inclaim 2, characterized by the first algorithm (ALG1) for creating theupdate identify (UID) being a non-reversible algorithm.
 8. An apparatusas set forth in claim 2, characterized by the first and secondencrypting means and the decrypting means being implemented as ahardware component (50).
 9. An apparatus as set forth in claim 3,characterized by the first and second encrypting means and thedecrypting means being implemented as a hardware component (50).
 10. Anapparatus as set forth in claim 5, characterized by the hardwarecomponent (50) being adapted to create variable algorithms andcomprising a means for storing the algorithms last created.
 11. A methodfor storing data comprising an original identity (OID) and associateddescriptive information (DI), characterised by the steps ofencryptingthe original identity (OID) to an update identity (UID) by means of afirst algorithm (ALG1), encrypting the update identity (UID) to astorage identity (SID) by means of a reversible algorithm (ALG2),storing the storage identity (SID) and the descriptive information (DI)as a record (P) on a storage medium (30, 40), and performing thefollowing substeps at times when the storage identities (SID) ofselected stored records (P) are to be replaced with new storageidentities (SID'):decrypting the storage identities (SID) of theselected records (P) in order to recreate the corresponding updateidentities (UID), altering the reversible algorithm (ALG2) andencrypting, by means of the altered reversible algorithm (ALG2'), therecreated update identities (UID) to new storage identities (SID'), andreplacing the storage identities (SID) of the selected records (P) withthe new storage identities (SID').
 12. A method as set forth in claim11, characterised by the step of selecting, as said selected records(P), all the records (P) stored on the storage medium (30, 40).
 13. Amethod as set forth in claim 11, characterised in that the step ofreplacing the storage identities (SID) of the selected records (P) withthe new storage identities (SID') is carried out in a batch, so that thestorage identities (SID) of the selected records (P) are alteredessentially simultaneously on the storage medium (30, 40).
 14. A methodas set forth in claim 11, characterised in that the step of replacingthe storage identities (SID) of the selected records (P) with newstorage identities (SID') also comprises moving the selected records (P)to new physical locations on the storage medium (30, 40).
 15. A methodas set forth in claim 11, characterised by the step of encrypting alsothe descriptive information (DI) before this is stored on the storagemedium in the respective records (P).
 16. A method as set forth in claim8, characterized in that the step of replacing the storage identities(SID) of the selected records (P) with the new storage identities (SID')is carried out in a batch, so that the storage identities (SID) of theselected records (P) are altered essentially simultaneously on thestorage medium (30, 40).
 17. A method as set forth in claim 8,characterized in that the step of replacing the storage identities (SID)of the selected records (P) with new storage identities (SID') alsocomprises moving the selected records (P) to new physical locations onthe storage medium (30, 40).
 18. A method as set forth in claim 9,characterized in that the step of replacing the storage identities (SID)of the selected records (P) with new storage identities (SID') alsocomprises moving the selected records ()P) to new physical locations onthe storage medium (30, 40).
 19. A method as set forth in claim 8,characterized by the step of encrypting also the descriptive informationbefore this is stored on the storage medium in the respective records(P).
 20. A method as set forth in claim 9, characterized by the step ofencrypting also the descriptive information (DI) before this is storedon the storage medium in the respective records (P).
 21. A method as setforth in claim 10, characterized by the step of encrypting also thedescriptive information (DI) before this is stored on the storage mediumin the respective records (P).